DISCLOSURE STATEMENT PREPARED BY

Transcription

1 DISCLOSURE STATEMENT PREPARED BY OneNet Limited AS AT 18 August 2013

2 1 Introduction For an organisation to be a CloudCode Signatory they must wholly disclose the following information to all clients, both prospective and current, before, during and after the sales process. They must update their Disclosure Document and inform the Register of CloudCode Signatories of these changed disclosures as soon as possible and not later than 28 days after the change is made. Where the change has a material effect on the Cloud product or service being provided, they must notify all clients of these changes. The CloudCode website provides more information of what constitutes a material change. The standard areas of disclosure required by the CloudCode are: 1. Corporate Identity Company name:... OneNet Limited Company Registration Number: Trading name:... OneNet Limited Physical address: Jervois Road, Herne Bay, Auckland Postal address:... P O Box 46068, Herne Bay, Auckland Company website:... Contact phone number: Contact address:... Complaints about our service can be made in the first instance to. Contact person responsible for these disclosure statements can be contacted via the following address: The disclosures herein apply to the following products or services supplied by us: Online PC Backup as described at Online Server Backup as described at For the purpose of Legal Jurisdiction, the contracted supplier who provides the service to you is a Company registered in New Zealand The governing law of our contract with you is New Zealand law The disclosure statements that follow have been Self-Assessed CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 2

3 2. Ownership of Information We do not Claim ownership of any data or information uploaded to our service. Your data and information may traverse or be stored on our upstream provider s networks or systems. In these instances that provider considers the data and information that you use or transmit via our service as owned by the client Metadata and other statistical information, such as anonymised data generated as a result of the use of our service, is owned by the service provider and is used for the purposes of improving our service to you. 3. Security As at the date of application: We are listed on the CSA STAR Registry. We do not formally meet any security related standards We have the following physical security in place at the data centres hosting your data: OneNet co-locates its equipment in a high-grade facility, which includes a photographic recording of all attendees, CCTV monitoring and 24/7 on-site operational management and security staff. We have the following digital security in place on the systems hosting your data: All stored data is encrypted in 256 bit AES and SSLata 4. Data Location Our primary systems that host your data are located in Auckland, New Zealand Our Backup/Disaster recovery systems that hold your data are located Auckland, New Zealand Additional information about data location: The second data centre holding the second copy of the encrypted Online PC and Online Server Backup cloud services is currently located in Auckland, approximately 18km from OneNet s primary data centre 5. Data Access and Use Data access by you: Your data may be accessed during the contract period as described in our contract with you. Your data can be downloaded from our service during the service provision period via the following formats : native format At the cessation of our service to you, your data will be available to access o Access to this data will be granted via your username and password o There may be additional charges for access to your data after the service has been ceased Data access by us: CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 3

4 Deletion of all customer data at the cessation of our service to you takes place after seven days We use customer data for the following business functions: We do not use data for any business function We do not access customer data for any other purpose. We do not use customer data in order to generate revenue other than through provision of the service. Data access by others: If we are approached by law enforcement agencies it is our policy to conform to the edicts of the law or comply with any legal process served on OneNet. We do not provide access to customer data to third parties other than law enforcement agencies as set out above. 6. Backup and Maintenance Understanding the backup procedures of your service provider and their maintenance policies allows the customer to make decisions on what further steps they may need to ensure their data is backed up sufficiently. Backups are performed every day, or every 15 minutes, depending on the service plan.. Backups include (tick those that apply) system data client data statistical data operating system data other as configured in the service plan. Backup data is stored off site Where backup data is stored offsite, the offsite location is at least 15 km from the location of the data being backed up CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 4

5 We test the restoration of backup data periodically and the test is conducted as a full restoration. Access to backup data or archive data is available via your user name and password.a service request Ad hoc requests for restoration of customer data will be commenced within 4 hours We do allow client audits of backup data, costs of which will be carried by the client organisation Backup data is retained for 4 weeks We do undertake a regular maintenance programme to ensure the reliability and stability of our cloud resources We do undertake a regular maintenance programme to ensure the reliability and stability of our service offerings. 7. Geographic Diversity Our service is provided via multiple locations Our services are provided from the following locations: New Zealand We operate offices in the following countries: New Zealand 8. SLA and Support This section sets out the standard support mechanisms and service level agreements that apply to services. Our standard support hours are. 8.00am to 5.00pm (local time unless stated otherwise). In the event of an unscheduled outage or incident, we will communicate the details of the issues and expected resolution times via OneNet s twitter feed When communicating an issue to us we prefer you to do so via OneNet s case management portal Our standard response time to any support issue raised is less than two hours In the event of a major incident, we will update our notifications every hour When communicating with you we will use telephone or We do make incident reports available to our clients after a major incident. We may shut down or isolate any service offering that is impacting, or will impact, service level agreements. We may require service offering specific tools to enable safe service offering shutdown or isolation if needed. We operate an active/active based service. Additional information about SLA s and support: Click here to enter text. CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 5

6 9. Data Transportability An API is not relevant to the service we offer. Data will be available to download after we cease supplying service to you (if data is available post service cessation, then the following statement will apply) Data can be obtained via a service request describing the requested data format There may be additional charges associated with accessing data after your service has ceased. 10. Business Continuity OneNet has redundant firewalls and Internet suppliers. OneNet also uses BGP (Border Gateway Protocol to allow for the automatic announcement of new IP Addresses in the case of the primary Internet provider failing 11. Data Formats All client data can be exported at any stage of the service delivery in the following formats: native file format 12. Ownership of Application The source code for the application that you use on our service is available to license on your systems outside of our service provision. It will be possible to use your data downloaded from our systems in its native form outside of our service (i.e. your local network) by acquiring the appropriate application software licenses. 13. Customer Engagement We do allow the auditing of our services by customers We do have an acceptable use policy that is applicable to the services stated in section 5.2. This policy can be found at We do operate a Privacy Policy. This policy can be found at 14. Data Breaches If we discover that your data has been lost or compromised, we will always notify you as soon as practicable by or telephone unless that notification would compromise a criminal investigation into the breach. When we are in possession of evidence of criminal activity associated with the breach (such as evidence of hacker activity) we will always notify appropriate law enforcement agencies. 15. Law Enforcement When requested by appropriate law enforcement agencies to supply customer related information without a warrant or legal mechanism to compel disclosure: It is our usual policy not to comply with such requests. 16. Region specific Disclosures CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 6

7 Please list the countries to which you are becoming a signatory to the CloudCode. (Currently just New Zealand). New Zealand CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 7

8 Schedule 1: New Zealand specific Content S1.1 Data Breach Notification The Office of the Privacy Commissioner has published voluntary breach notification guidelines, which can be found at The Data Breach Notification we will make in Section 5.15 will be made consistent with the Voluntary Breach Notification Guidelines issued by the Office of the Privacy Commissioner in New Zealand. Where we are able to determine that there has been significant loss or compromise of information and a risk of harm to individuals we will also notify the Office of the Privacy Commissioner directly. S1.2 New Zealand Legistation We affirm that we always comply with the Privacy Act, Fair Trading Act, Commerce Act, Copyright (Infringing File Sharing) Amendment Act 2011 and other relevant legislation. We do have a current Fair Trading Act Compliance policy, a copy of which may be found at CloudCode: Cloud Computing Code of Practice - v2.0 Disclosure Statement Template 8

Limited www.webdrive.co.nz PO Box 302829 North Harbour North Shore City 0751 Telephone: 0800 SPECIFIC SERVICE TERMS These specific service terms must be read in conjunction with 's General Terms and Conditions

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

THE OBLIGATIONS INTERCEPTION OF COMMUNICATIONS CODE OF PRACTICE If you ve been served with a Technical Capability Notice, here are some of things that will be required of you. v 8.3 The obligations the

PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

May 2010 Cloud Vendor Charter Vendor Version Not for distribution to customers Disclaimer This specification is published without responsibility on the part of BASDA Ltd or the various contributors, sponsors

TERMS & CONDITIONS of SERVICE for MSKnote Definitions: "Us or Our or We or Company" You or Your or Client Refers to MSKnote Limited Refers to you or your organisation Information about us: We are MSKnote

Quorum Privacy Policy Quorum Analytics Inc. ( Quorum") has created this website (the "Website" or the "Site") to provide an online analytical tool that Subscribers can use to generate Derived Analytics

Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this

1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service

Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

PRIVACY POLICY Mil y Un Consejos Network Version Date: April 15th 2010 GENERAL Mil y Un Consejos Network ( Company or we or us or our ) respects the privacy of its users ( user or you ) whether they use

Vodafone New Zealand Microsoft Privacy Statement Dated: August 2013 This Microsoft privacy statement sets out how your personal information is used by Vodafone in connection with the provision of the Microsoft

These terms of service (the "Terms") govern your access to and use of the Online File Storage ("OFS") websites and services (the "Service"). The Terms are between DigitalMailer, Incorporated and Digital

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed

ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side

STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

STRONGER ONLINE SECURITY Enhanced online banking without compromise Manage your business banking efficiently and securely Internet banking has given business leaders and treasurers greater control of financial

BUSINESS CHICKS, INC. Privacy Policy Welcome to businesschicks.com, the online and mobile service of Business Chicks, Inc. ( Company, we, or us ). Our Privacy Policy explains how we collect, use, disclose,

Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

EASTLINK PERSONAL CLOUD TERMS OF SERVICE IMPORTANT - READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE PROCEEDING WITH DOWNLOADING AND/OR THE INSTALLATION OF THE SOFTWARE OR USING EASTLINK PERSONAL

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

TERMS AND CONDITIONS OF USE OF EPCOT CAREER SOLUTIONS LIMITED ULTIMATE CV BUILDER The following definitions apply: Epcot or we means Epcot Career Solutions Ltd Service means the service set out in clause

INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility

GENERAL INFORMATION: PLEASE READ THIS PRIVACY STATEMENT AND NOTICE OF PRIVACY PRACTICES CAREFULLY. The purpose of this Privacy Statement and Notice of the Privacy Practices for Asurion s Mobile Applications

Privacy Policy Introduction This Privacy Policy explains what information Super7ui LLC collect about you and why, what we do with that information, how we share it, and how we handle the content you place

Network Security ProPosal Form Important Please answer all questions from each section and complete in block capitals. Tick the appropriate boxes where necessary and supply any further information requested.

Sample Employee Agreement for Business Use of Employee-Owned Personal Computing Devices (Including Wearables 1 ) Overview: The Bring Your Own Device (BYOD) program allows employees to use their own computing

LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

Data Breach Management Policy and Procedures for Education and Training Boards POLICY on DATA BREACHES in SCHOOLS/COLLEGES and OTHER EDUCATION and ADMINISTRATIVE CENTRES UNDER the REMIT of TIPPERARY EDUCATION

INTRODUCING ON DEMAND FILE SERVER FROM BT WHOLESALE APPLICATION STORE WHAT IS ON DEMAND FILE SERVER? The three most common technology challenges facing every small business are data storage, information

Privacy Statement April 2015 RACT Health Insurance is provided by GMHBA Limited. In this privacy statement, references to RACT Health Insurance are references to GMHBA Limited. References to RACT are references

eztechdirect Backup Service Features Introduction Portable media is quickly becoming an outdated and expensive method for safeguarding important data, so it is essential to secure critical business assets

1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

Captain Compare Privacy Policy This Privacy Policy contains important information about the type of personal information we collect from you on the Captain Compare website (www.captaincompare.com.au) (Website),

Terms and Conditions Website Development 1. DEFINITIONS The following terms and conditions document is a legal agreement between Embertech Ltd hereafter the Company and Client for the purposes of web site

Philips Lumify App Privacy Notice This Privacy Notice was last changed on September 1, 2015. Philips Electronics North America Corporation ("Philips") strongly believes in protecting the privacy of the

The purpose of this policy This policy applies to all individuals that provide Leading Age Services Australia Victoria (LASA Victoria) with their personal information. What personal information do we collect?

Privacy Policy Version 1.0, 1 st of May 2016 THIS PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY GOCIETY SOLUTIONS FROM USERS OF THE GOCIETY SOLUTIONS APPLICATIONS (GoLivePhone and GoLiveAssist)

1 of 9 Privacy Policy This Privacy Policy explains what information SOLITEC Software Solutions GesmbH and its related entities ( SOLITEC ) collect about you and why, what we do with that information, how

EMR Adoption Program New EMR Adopter Funding Terms and Conditions PROGRAM PURPOSE. The EMR Adoption Program is intended to increase the number of Ontario physicians who use OntarioMD-certified ( certified

Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General

IT04 UO ACH Security Policy Effective 1 July 2009 Last Revised Who Should Read This Policy Employees who have access to and, therefore, responsibility for safeguarding customer bank account and Automated

Talen Energy Corporation Website Privacy Notice Talen Energy Corporation and its affiliates (collectively referred to in this notice as Talen Energy, we, us, our and other similar pronouns), have developed

This Service is subject to and governed by Customer s separate signed master services agreement with CTS. This Agreement is entered into between you and CTS for the provision of CTS Managed Firewall Services.

14. Privacy Policies 14.1. Introduction 14.2. Policy Accent Media Ltd, incorporated in England, is the Registry Operator for the Top Level Domain TLD.tickets ( the Registry ). As a company registered in

Installation Guide Medtech Fax Solution (for Windows 7 and later) (June 2014) IMPORTANT NOTE Medtech recommends that all Medtech upgrades and database back-up and restore processes are performed by a Medtech